First we need to get to our iDevice's shell prompt. We will browse Cydia (which gets installed by default with the jailbreak) and install the OpenSSH package.

Once OpenSSH is installed, you can SSH into your device by finding its IP address in the Settings > Wireless Networks > Advanced ">" menu.

Now SSH into port 22 on that IP using the username "root" and the password "alpine".

Once we have a shell, we can use APT to install most of the other packages we need. Also change the default root password to something else so people can't mess with your phone!
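A check for the password change recommended above, as an added example that is not from the original post: it lists accounts whose entry in a master.passwd-format file still holds the stock "alpine" hash. The hash value, the /etc/master.passwd path and the mobile account are assumptions not stated on the page, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: report accounts that still carry the stock "alpine" password.
# Assumption: this is the widely reported DES-crypt hash of "alpine" on stock
# iOS; confirm it against your own device's file before relying on it.
DEFAULT_HASH='/smx7MYTQIi2M'

# Print each account name in a master.passwd-format file (name:hash:uid:...)
# whose password field still equals DEFAULT_HASH. Uses only shell builtins,
# so it works before awk/grep are installed.
default_pw_accounts() {
    while IFS=: read -r name hash _rest; do
        case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ "$hash" = "$DEFAULT_HASH" ]; then echo "$name"; fi
    done < "$1"
    return 0
}

# Return 0 when no account uses the default hash, 1 otherwise.
audit_passwd_file() {
    bad=$(default_pw_accounts "$1")
    if [ -n "$bad" ]; then
        echo "default password still set for:" $bad >&2
        return 1
    fi
    echo "no default passwords found in $1"
}

# Constructed sample: root's hash is a made-up changed value, mobile is default.
write_sample() {
    cat > "$1" <<'EOF'
# constructed master.passwd excerpt
nobody:*:-2:-2::0:0:Unprivileged User:/var/empty:/usr/bin/false
root:ab1cdEFgh2IJk:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:/smx7MYTQIi2M:501:501::0:0:Mobile User:/var/mobile:/bin/sh
EOF
}

# Usage: sh audit.sh /etc/master.passwd   (path is an assumption)
if [ $# -gt 0 ]; then audit_passwd_file "$1"; fi
```

Run it on the device after changing passwords, or against a copy of the file; a non-zero exit status means at least one account still uses the default.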

Arming your iDevice with *nix tools

To have a functioning *nix environment we need to install a ton of utilities that aren't usually installed as part of the default jailbreak or Bash shell. This includes utilities like strings, grep, awk, find, etc.

Some of the utility packages do not say outright what is inside them, such as BigBoss tools and Erica Utilities.

These two in particular install strings and other binutils-type tools, several of them patched or modded to work on the iOS architecture (ARM).

Extras

In addition to utilities that help make our iDevice a functioning *nix environment there are several tools that aid in connecting, controlling, reverse engineering, and monitoring iOS applications. Below is a list of those tools, a description, and their locations (some cut from my OWASP page):

Tool: USBMuxd
Link: http://cgit.sukimashita.com/usbmuxd.git/
Description: Tunnel ports over USB (enable SSH without network using localhost:2222)

Next steps

This is just the basics.

Once you get all of these utilities and tools installed, you're pretty much waiting on Substrate to be working for iOS 7. After that's done you can install your favorite all-encompassing or homegrown tool that uses Substrate to do hooking, such as Cycript, iNalyzer, SSLKillSwitch, Snoop-it, Introspy, iAuditor, etc.

Then you just have to MitM the web traffic. There are plenty of guides on that around the net.

If you have other tools you use in your app assessment setup, we'd love to hear about them. Feel free to leave suggestions in the comments.